[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5354) slapd repeatedly hangs and stops reponding

Oren Laadan wrote:
Howard Chu wrote:
You haven't provided any information to explain why you cannot structure
your additional entries as a distinct subtree. You're still just
handwaving when we ask for concrete examples of the entries involved.

Clearly I'm new to LDAP. Please indicate what information is missing, I'll be happy to provide, even the local database (my .ldif file) and sample queries from the remote server. Just name it.

Taking a step back: we have a departmental LDAP server for user auth,
(posix) groups, autofs maps and so on. In my group, we add to the DB
groups and autofs maps that do not exist on the remote server, so a
user on our machines can belong to additional groups.

I am not arguing that I cannot structure it differently. I simply do
not know if I can structure it differently. Ideally I could add entries
to the remote database, but that is impossible. The remote server
gives DN dc=MAIN,dc=EXAMPLE,dc=COM, which is what I made the local
server give (via the meta backend) and which is what the clients are
using as their base DN.

Since it appears that you just need to make your data work with pam_ldap/nss_ldap I suggest you (1) keep your local data in a distinct subtree and (2) read the pam/nss_ldap documentation regarding the use of multiple service search descriptors. There's no reason to be using suffixmassage here.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/